<?php
// Shared bootstrap. loginRequired() is defined outside this file; presumably it
// stops the request for visitors who are not logged in - confirm, because
// everything below (including the PayPal calls) relies on it.
require_once 'functions/pageLoad.php';
loginRequired();

// $_SESSION['user'] is split on "_" and the first piece is used as the user id.
// NOTE(review): the format of that session value is set elsewhere - confirm
// the first piece is always the users.id of the logged-in account.
$user_session = explode('_', $_SESSION['user']);
$user_id      = $user_session[0];
$page_title   = 'Purchase lead';

// PayPal client used by both steps of the purchase flow below.
include 'class.paypal.php';
$obj = new paypal_recurring();

// Target environment: 'live' or 'beta-sandbox'.
$obj->environment = 'live';
// Payment action: 'Authorization' (used here), 'Sale' or 'Order'.
$obj->paymentType = urlencode('Authorization');
// Currency code, e.g. 'GBP', 'EUR', 'JPY', 'CAD', 'AUD'.
$obj->currencyID = urlencode('GBP');

// API credentials come from $settings, which is populated outside this file.
// NOTE(review): confirm $settings is never printed or logged in full, since it
// carries the live PayPal signature.
$obj->API_UserName  = urlencode($settings['paypal_api_username']);
$obj->API_Password  = urlencode($settings['paypal_api_password']);
$obj->API_Signature = urlencode($settings['paypal_api_signature']);
$obj->API_Endpoint  = 'https://api-3t.paypal.com/nvp';

// Where PayPal sends the buyer's browser after approval / cancellation.
// NOTE(review): both callbacks are plain http:// while the environment is
// 'live'. If the site is served over TLS these should be https:// so the
// return request, and whatever PayPal appends to it, is not sent in clear text.
$obj->returnURL = urlencode('http://' . $settings['domain_name'] . '/purchase-lead.php?complete=true');
$obj->cancelURL = urlencode('http://' . $settings['domain_name'] . '/purchase-lead.php?error=true');

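// Step 1 of the purchase flow: the buyer followed the "Purchase lead" link.
// The job's lead price is read from the database (never from the request) and
// the job id is remembered in the session for step 2.
//
// NOTE(review): the mysql_* extension used throughout this page was removed in
// PHP 7. Moving to prepared statements depends on the connection setup, which
// is not in this file.
if (isset($_GET['purchase']) && isset($_GET['id']) && is_string($_GET['id'])) {

	// $_GET['id'] is untrusted; it is escaped and placed inside quotes.
	// Array-valued ids (?id[]=...) are rejected by the is_string() check above.
	$sql = "SELECT jobs.id, lead_cost FROM jobs 
			LEFT JOIN trades ON jobs.trade_id = trades.id 
			WHERE jobs.id = '" . mysql_real_escape_string($_GET['id']) . "'";
	$query = mysql_query($sql);
	if (!$query) {
		// Database details go to the server log only; echoing the SQL text and
		// driver error to the browser discloses schema information.
		error_log('purchase-lead: job price lookup failed: ' . mysql_error());
		die('Sorry, something went wrong. Please try again later.');
	}
	$rs = mysql_fetch_assoc($query);

	// Start a checkout only for a job that exists and has a price; otherwise
	// PayPal would be asked to authorise an empty amount.
	if ($rs && isset($rs['lead_cost'])) {
		$_SESSION['lead_job_id'] = $rs['id'];
		$_SESSION['lead_cost'] = $rs['lead_cost'];

		$obj->paymentAmount = urlencode($rs['lead_cost']);
		// Presumably redirects the buyer to PayPal - the method is defined in
		// class.paypal.php, which is not visible here.
		$obj->setExpressCheckout();
	}

}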

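// Step 2 of the purchase flow: PayPal has sent the buyer back with
// ?complete=true. The job is identified by the id stored in the session during
// step 1, not by anything in the query string.

// Defined up front so the confirmation flag is always set and can only become
// true through the success path below.
$pp_result = false;

if (isset($_GET['complete']) && isset($_SESSION['lead_job_id'])) {

	// Later parts of the page read $_GET['id'], so point it at the session job.
	$_GET['id'] = $_SESSION['lead_job_id'];

	// Resolve the buyer's tradesman record BEFORE contacting PayPal, so an
	// account without one never reaches the payment step (previously a purchase
	// row with an empty tradesman_id could be written after payment).
	$sql = "SELECT tradesman.id FROM tradesman WHERE tradesman.user_id = '" . mysql_real_escape_string($user_session[0]) . "' LIMIT 0,1";
	$query = mysql_query($sql);
	if (!$query) {
		// Database details go to the server log only, never to the browser.
		error_log('purchase-lead: tradesman lookup failed: ' . mysql_error());
		die('Sorry, something went wrong. Please try again later.');
	}
	$rs = mysql_fetch_assoc($query);
	$tradesman_id = $rs ? $rs['id'] : null;

	// get cost - always re-read from the database so the amount cannot be
	// influenced by the request.
	$sql = "SELECT jobs.id, lead_cost FROM jobs 
			LEFT JOIN trades ON jobs.trade_id = trades.id 
			WHERE jobs.id = '" . mysql_real_escape_string($_GET['id']) . "'";
	$query = mysql_query($sql);
	if (!$query) {
		error_log('purchase-lead: job price lookup failed: ' . mysql_error());
		die('Sorry, something went wrong. Please try again later.');
	}
	$rs = mysql_fetch_assoc($query);

	$result = null;
	if ($tradesman_id !== null && $rs && isset($rs['lead_cost'])) {
		$obj->paymentAmount = urlencode($rs['lead_cost']);
		$result = $obj->getExpressCheckout();
	}

	// Strict comparison: with ==, a boolean true status would also compare
	// equal to 'success'.
	if ($result && isset($result['status']) && $result['status'] === 'success') {

		// insert and notify
		// Every value is escaped, including the transaction id returned by the
		// PayPal client and the id read back from the database.
		// NOTE(review): nothing visible here stops a second row for the same
		// tradesman/job pair - confirm lead_purchases enforces uniqueness.
		$sql = "INSERT INTO lead_purchases SET tradesman_id = '" . mysql_real_escape_string($tradesman_id) . "', job_id = '" . mysql_real_escape_string($_SESSION['lead_job_id']) . "', payment_ref = '" . mysql_real_escape_string($result['trans_id']) . "'";
		$query = mysql_query($sql);
		if (!$query) {
			// The payment step has already succeeded at this point, so the
			// transaction id is logged for manual reconciliation.
			error_log('purchase-lead: could not record purchase for PayPal transaction ' . $result['trans_id'] . ': ' . mysql_error());
			die('Sorry, something went wrong. Please try again later.');
		}

		// send email to user
		$sql = "SELECT jobs.id, jobs.title, users.email, users.firstname, users.surname, trade, area FROM jobs
				LEFT JOIN users ON jobs.user_id = users.id 
				LEFT JOIN trades ON jobs.trade_id = trades.id 
				LEFT JOIN areas ON jobs.area_id = areas.id 
				WHERE jobs.id = '" . mysql_real_escape_string($_SESSION['lead_job_id']) . "'";
		$query = mysql_query($sql);
		if (!$query) {
			error_log('purchase-lead: job owner lookup failed: ' . mysql_error());
			die('Sorry, something went wrong. Please try again later.');
		}
		$rs = mysql_fetch_assoc($query);

		// Skip the notification if the job row has disappeared in the meantime.
		if ($rs) {
			$job_link = build_job_link($rs['trade'], $rs['area'], $_GET['id']);

			require_once("classes/class.phpmailer.php");
			$mail = new PHPMailer();
			$mail->IsSMTP(); // telling the class to use SMTP
			$mail->Host = "localhost"; // SMTP server
			$mail->From = "mail@iwantatradesman.co.uk";
			$mail->FromName = "I Want A Tradesman";

			$mail->AddAddress($rs['email']);

			$mail->Subject = "Details request";
			$mail->Body = "Dear ".$rs['firstname']." ".$rs['surname']."\r\n\r\nA tradesman has requested for your contact details for the job: ".$rs['title'].".\r\n\r\nYou can choose to accept the request here: http://www.iwantatradesman.co.uk".$job_link."\r\n\r\nKind regards\r\n\r\nThe I Want A Tradesman Team\r\n\r\n\r\nThis email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.";

			// A failed send is logged rather than ignored: the buyer has paid
			// and the owner would otherwise never be asked to respond.
			if (!$mail->Send()) {
				error_log('purchase-lead: owner notification failed: ' . $mail->ErrorInfo);
			}
		}

		$pp_result = true;

	}

}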

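include('includes/meta.php');
include('includes/header.php');
include('includes/navigation.php');

	// Job shown on this page. $_GET['id'] is either the raw query-string value
	// or, after a completed checkout, the id copied from the session. A missing
	// or array-valued id is treated as an empty id instead of raising a notice.
	$sql = "SELECT jobs.id, title, lead_cost FROM jobs 
			LEFT JOIN trades ON jobs.trade_id = trades.id 
			WHERE jobs.id = '" . mysql_real_escape_string(isset($_GET['id']) && is_scalar($_GET['id']) ? (string) $_GET['id'] : '') . "'";
	$query = mysql_query($sql);
	if (!$query) {
		// Database details go to the server log only; echoing the SQL text and
		// driver error to the browser discloses schema information.
		error_log('purchase-lead: job display lookup failed: ' . mysql_error());
		die('Sorry, something went wrong. Please try again later.');
	}
	$rs = mysql_fetch_assoc($query);

	// The job title is stored data and is HTML-escaped on output below so that
	// markup in a title cannot run in a viewer's browser. The charset argument
	// is left at the PHP default.
	// NOTE(review): if titles are already stored HTML-escaped this will
	// double-encode them - confirm how titles are written.

?>

<h1><?php echo $page_title; ?> for <?php echo htmlspecialchars($rs ? (string) $rs['title'] : '', ENT_QUOTES); ?></h1>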

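<?php

// Confirmation view vs. purchase offer. The flag must be the boolean true set
// by the completed-checkout path; isset() plus a strict comparison means an
// undefined variable or a string value never selects the confirmation view.
if (isset($pp_result) && $pp_result === true) {

	$sql = "SELECT jobs.id, trade, area FROM jobs
			LEFT JOIN trades ON jobs.trade_id = trades.id 
			LEFT JOIN areas ON jobs.area_id = areas.id 
			WHERE jobs.id = '" . mysql_real_escape_string($_SESSION['lead_job_id']) . "'";
	$query = mysql_query($sql);
	if (!$query) {
		// Database details go to the server log only, never to the browser.
		error_log('purchase-lead: job link lookup failed: ' . mysql_error());
		die('Sorry, something went wrong. Please try again later.');
	}
	$rs = mysql_fetch_assoc($query);
	$job_link = build_job_link($rs['trade'], $rs['area'], $_GET['id']);

	// Every dynamic value printed below is escaped for the context it lands in:
	// htmlspecialchars() for HTML text and attributes, urlencode() for the
	// query-string parameter.

?>

<p>Thank you, you have successfully authorised payment.</p>
<h2>What happens next</h2>
<p>We will now contact the job owner and request them to authorise the release of their contact details. If they approve, we will complete the payment with Paypal and you will be able to view their contact details on the job page. However, if they decline we will void the payment with Paypal. Either way we will notify you as soon as the job owner responds.</p>
<h2>Where do you want to go now?</h2>
<p>
<a href="<?php echo htmlspecialchars((string) $job_link, ENT_QUOTES); ?>">View the job</a><br />
<a href="/my-account">Go to my account</a>
</p>
<?php } else{ ?>

<p>You can purchase the lead for this job by authorising a payment of <strong>&pound;<?php echo htmlspecialchars((string) $rs['lead_cost'], ENT_QUOTES); ?></strong>. Money will not be taken from your account until the jobs owner approves the release of their telephone number. Once the payment has been approved by the jobs owner you will receive an email notifying you to view the job page for their contact information.</p>

<p>You can start the process by clicking the button below, this will take you to Paypal for a payment authorisation of &pound;<?php echo htmlspecialchars((string) $rs['lead_cost'], ENT_QUOTES); ?></p>

<?php /* $_GET['id'] is request data: URL-encode it before it is written into the href. */ ?>
<a href="?purchase=true&amp;id=<?php echo (isset($_GET['id']) && is_scalar($_GET['id'])) ? urlencode((string) $_GET['id']) : ''; ?>" class="blue_link">Purchase lead for &pound;<?php echo htmlspecialchars((string) $rs['lead_cost'], ENT_QUOTES); ?></a>

<?php } ?>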

<?php
// Closing page chrome: right-hand column first, then the footer.
include 'includes/rightColumn.php';
include 'includes/footer.php';
?>